Antonio Jose Ramos Marquez psxdev
psxdev
/ gist:4b09f9f417f5cebce7e9ac77043e38b2
Created
July 21, 2022 23:33
prospero implementation :P
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| debug.sh | |
| [HOST] debugnet listener up | |
| [HOST] ready to have a lot of fun!!! | |
| [PROSPERO][INFO] [+] Logger initialized... | |
| [PROSPERO][INFO] [+] Receive udp log in 192.168.1.12 with: socat udp-recv:18194 stdout | |
| [PROSPERO][INFO] [+] bd-jb by bigboss based on TheFlow and sleirsgoevy implementation | |
| [PROSPERO][INFO] [+] Creating JavaSecurityAccess | |
| [PROSPERO][INFO] [+] Creating fake JavaSecurityProxy | |
| [PROSPERO][INFO] [+] Set fake JavaSecurityProxy | |
| [PROSPERO][INFO] [+] Creating URLClassLoader |
psxdev
/ gist:daa1e2590372d8dd7e115043f9d17629
Created
July 20, 2022 00:15
Prospero java system variables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [PROSPERO][INFO] Java specification version : 11 | |
| [PROSPERO][INFO] Java specification vendor : Oracle Corporation | |
| [PROSPERO][INFO] Java specification name : Java Platform API Specification | |
| [PROSPERO][INFO] Java Virtual Machine specification version : 11 | |
| [PROSPERO][INFO] Java Virtual Machine specification vendor : Oracle Corporation | |
| [PROSPERO][INFO] Java Virtual Machine specification name : Java Virtual Machine Specification | |
| [PROSPERO][INFO] Java Virtual Machine implementation version : 11.0.11-internal+0-javamecdc | |
| [PROSPERO][INFO] Java Virtual Machine implementation vendor : Oracle Corporation | |
| [PROSPERO][INFO] Java Virtual Machine implementation name : Java HotSpot(TM) 64-Bit Minimal VM | |
| [PROSPERO][INFO] Java home : /app0/cdc/ |
psxdev
/ gist:a3ef9f3cb53b9729d14b88b4e4df93b0
Created
July 19, 2022 23:30
prospero /system_ex/rnps/apps content
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [PROSPERO][INFO] [+] [dir] /system_ex/rnps/apps | |
| [PROSPERO][INFO] [+] [dir] /system_ex/rnps/apps/NPXS40002 | |
| [PROSPERO][INFO] [+] /system_ex/rnps/apps/NPXS40002/application.ps.bundle | |
| [PROSPERO][INFO] [+] /system_ex/rnps/apps/NPXS40002/license.txt | |
| [PROSPERO][INFO] [+] /system_ex/rnps/apps/NPXS40002/manifest.json | |
| [PROSPERO][INFO] [+] [dir] /system_ex/rnps/apps/NPXS40003 | |
| [PROSPERO][INFO] [+] [dir] /system_ex/rnps/apps/NPXS40003/assets | |
| [PROSPERO][INFO] [+] [dir] /system_ex/rnps/apps/NPXS40003/assets/action-cards-host | |
| [PROSPERO][INFO] [+] [dir] /system_ex/rnps/apps/NPXS40003/assets/action-cards-host/packages-sdk | |
| [PROSPERO][INFO] [+] [dir] /system_ex/rnps/apps/NPXS40003/assets/action-cards-host/packages-sdk/consumer-sdk |
psxdev
/ gist:0b2316f2b243681e949c4b9158f96cd9
Created
July 15, 2022 20:43
prospero SecurityManager bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [HOST] debugnet listener up | |
| [HOST] ready to have a lot of fun!!! | |
| [PROSPERO][INFO] [+] Logger initialized... | |
| [PROSPERO][INFO] [+] Receive udp log in 192.168.1.12 with: socat udp-recv:18194 stdout | |
| [PROSPERO][INFO] [+] Creating File Socket use socat -u TCP-LISTEN:18194,reuseaddr OPEN:app0.zip,creat,trunc | |
| [PROSPERO][INFO] [+] bd-jb by bigboss based on TheFlow and sleirsgoevy implementation | |
| [PROSPERO][INFO] [+] Creating JavaSecurityAccess | |
| [PROSPERO][INFO] [+] Creating fake JavaSecurityProxy | |
| [PROSPERO][INFO] [+] Set fake JavaSecurityProxy | |
| [PROSPERO][INFO] [+] Creating URLClassLoader |
psxdev
/ gist:c12d1e160707e4a01551287a8f3458b5
Created
July 4, 2022 22:33
prospero dump with vanilla java 11 no more 1.3 compatibility crap :P prospero is java 11 compliant
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [HOST] debugnet listener up | |
| [HOST] ready to have a lot of fun!!! | |
| [PROSPERO][INFO] [+] Compiled with vanilla java 11 | |
| [PROSPERO][INFO] [+] Logger initialized... | |
| [PROSPERO][INFO] [+] Receive udp log in 192.168.1.12 with: socat udp-recv:18194 stdout | |
| [PROSPERO][INFO] [+] Creating File Socket use socat -u TCP-LISTEN:18194,reuseaddr OPEN:app0.zip,creat,trunc | |
| [PROSPERO][INFO] [+] File Socket created | |
| [PROSPERO][INFO] [+] bd-jb by bigboss based on TheFlow and sleirsgoevy implementation and dump code by John Törnblom | |
| [PROSPERO][INFO] [+] Dumping... | |
| [PROSPERO][INFO] [+] Creating File object app0.zip |
psxdev
/ gist:c99eebd3c8b85f2eb7a288eee74cf4b1
Created
June 11, 2022 21:45
Playing with bd-j on macos bigsur on m1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| references https://hdcookbook.jovial.com/ | |
| the github project was updated for m1 last year: | |
| https://github.com/zathras/java.net | |
| 1) You will need ant and java sdk | |
| for java this is using 1.8, it is old stuff and the author update to build all fine on m1 so | |
| java download zulu openjdk sdk 1.8.0_302 select 8u302b08 Azul Zulu: 8.56.0.23 form macos arm64 from: | |
| https://www.azul.com/downloads/?version=java-8-lts&os=macos&architecture=arm-64-bit&package=jdk&show-old-builds=true | |
| ant get the 1.10.12 version from: | |
| https://ant.apache.org/bindownload.cgi | |
| 2)i choose the tar.gz option to place all in my custom directories, you can use a script like |
psxdev
/ gist:3164e62ad178c4be002abe95918088c4
Created
June 17, 2022 21:32
prospero list /app0 thanks to TheFlow, sleirsgoevy and zecoxao :P brackets brackets....
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [HOST] debugnet listener up | |
| [HOST] ready to have a lot of fun!!! | |
| [PROSPERO][INFO] UdpLogger initialized | |
| [PROSPERO][INFO] [+] bd-jb by bigboss based on TheFlow and sleirsgoevy implementation | |
| [PROSPERO][INFO] [+] Escaping Java Sandbox... | |
| [PROSPERO][INFO] [+] first list in . ... | |
| [PROSPERO][INFO] META-INF | |
| [PROSPERO][INFO] org | |
| [PROSPERO][INFO] [+] now try fakeIxcProxy . ... | |
| [PROSPERO][INFO] [+] after FakeIxcProxy... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Directory tree listing on Prospero | |
| [PROSPERO][DEBUG] /system_tmp | |
| [PROSPERO][DEBUG] /system_tmp/GnmCompositor | |
| [PROSPERO][DEBUG] /system_tmp/GnmCompositorRestricted | |
| [PROSPERO][DEBUG] /system_tmp/SystemTts | |
| [PROSPERO][DEBUG] /RcDZV3xbd4 | |
| [PROSPERO][DEBUG] /RcDZV3xbd4/common | |
| [PROSPERO][DEBUG] /RcDZV3xbd4/common/lib | |
| [PROSPERO][DEBUG] /RcDZV3xbd4/common/lib/0VCZq_7VjvwjsFYg8xirSTau96ShhC6SD95Lnjb2tCE.sbin |
psxdev
/ gist:ce3e529fe1e685c9a76a7eeef0cb8311
Created
May 21, 2022 22:02
prospero dump readable segments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| We can't read the execution segment yet, this code will dump readable segment for libSceLibcInternal, libKernel and libSceNpWebkit | |
| [PROSPERO][DEBUG] pid: 73 vmap id: 80 start: 0x814ec8000 end: 0x814fa4000 size: 901120 prot: 4: --x structsize: 144 type:9 path: | |
| [PROSPERO][DEBUG] pid: 73 vmap id: 81 start: 0x814fa4000 end: 0x814ff0000 size: 311296 prot: 1: r-- structsize: 144 type:9 path: | |
| [PROSPERO][DEBUG] pid: 73 vmap id: 82 start: 0x814ff0000 end: 0x814ff8000 size: 32768 prot: 1: r-- structsize: 144 type:9 path: | |
| [PROSPERO][DEBUG] pid: 73 vmap id: 83 start: 0x814ff8000 end: 0x814ffc000 size: 16384 prot: 3: rw- structsize: 144 type:9 path: | |
| [PROSPERO][DEBUG] pid: 73 vmap id: 84 start: 0x814ffc000 end: 0x81500c000 size: 65536 prot: 3: rw- structsize: 144 type:1 path: | |
| [PROSPERO][DEBUG] pid: 73 vmap id: 59 start: 0x8068b8000 end: 0x8068f8000 size: 262144 prot: 4: --x structsize: 144 type:9 path: | |
| [PROSPERO][DEBUG] pid: 73 vmap id: 60 start: 0x8068f8000 end: 0x806914000 size: 114688 prot: 1: r-- stru |
psxdev
/ gist:f7a935d82bea88db75d6430d757f5099
Created
May 7, 2022 19:47
prospero proc,vmap and modules from Native SELF SceNKWebProcess pid on retail
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| address and pid will change in each execution in browser. Output redirected to debugnet using clasic udp port 18194 | |
| % ./debug.sh | |
| [HOST] debugnet listener up | |
| [HOST] ready to have a lot of fun!!! | |
| [PROSPERO][DEBUG] debugnet initialized | |
| [PROSPERO][DEBUG] sys___sysctl with mib[0]=CTL_KERN mib[1]=KERN_PROC mib[2]=KERN_PROC_PID mib[3]=pid:4b return 0 size 1096 | |
| [PROSPERO][DEBUG] sys___sysctl with pid=4b and buffer size 1096 return 0 ki_emul Native SELF ki_comm SceNKWebProcess ki_tdname SceNKWebProcessM | |
| [PROSPERO][DEBUG] sys___sysctl with mib[0]=CTL_KERN mib[1]=KERN_PROC mib[2]=KERN_PROC_VMMAP mib[3]=pid:4b return 0 vmap size: 24256 | |
| [PROSPERO][DEBUG] sys___sysctl return 0 vmap num rounded: 166 | |
| [PROSPERO][DEBUG] pid: 4b vmap id: 0 start: 0x5dd84000 end: 0x5dd8c000 size: 32768 prot: 4: --x structsize: 144 type:9 path: |